|
PHP - Php Login Form Help Needed Please.
Hi I am new to php and I have a login form for users that works ok with a mysql database table for users.
The problem I have is that it only takes all loggedin users to the same page and I want to take logged in users to their own page. I should have no more than 5 users at anyone time and for example I will call them simply user1, user2, user3, user4 and user 5. I want user1 to go to user1.php, user2 to go to user2.php and so on. The login.php code is as follows, can someone please tell me in laymans terms how to change it to accommodate this: Code: [Select] <?php include 'dbc.php'; $err = array(); foreach($_GET as $key => $value) { $get[$key] = filter($value); //get variables are filtered. } if ($_POST['doLogin']=='Login') { foreach($_POST as $key => $value) { $data[$key] = filter($value); // post variables are filtered } $user_email = $data['usr_email']; $pass = $data['pwd']; if (strpos($user_email,'@') === false) { $user_cond = "user_name='$user_email'"; } else { $user_cond = "user_email='$user_email'"; } $result = mysql_query("SELECT `id`,`pwd`,`full_name`,`approved`,`user_level` FROM users WHERE $user_cond AND `banned` = '0' ") or die (mysql_error()); $num = mysql_num_rows($result); // Match row found with more than 1 results - the user is authenticated. if ( $num > 0 ) { list($id,$pwd,$full_name,$approved,$user_level) = mysql_fetch_row($result); if(!$approved) { //$msg = urlencode("Account not activated. Please check your email for activation code"); $err[] = "Account not activated. Please check your email for activation code"; //header("Location: login.php?msg=$msg"); //exit(); } //check against salt if ($pwd === PwdHash($pass,substr($pwd,0,9))) { if(empty($err)){ // this sets session and logs user in session_start(); session_regenerate_id (true); //prevent against session fixation attacks. // this sets variables in the session $_SESSION['user_id']= $id; $_SESSION['user_name'] = $full_name; $_SESSION['user_level'] = $user_level; $_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']); //update the timestamp and key for cookie $stamp = time(); $ckey = GenKey(); mysql_query("update users set `ctime`='$stamp', `ckey` = '$ckey' where id='$id'") or die(mysql_error()); //set a cookie if(isset($_POST['remember'])){ setcookie("user_id", $_SESSION['user_id'], time()+60*60*24*COOKIE_TIME_OUT, "/"); setcookie("user_key", sha1($ckey), time()+60*60*24*COOKIE_TIME_OUT, "/"); setcookie("user_name",$_SESSION['user_name'], time()+60*60*24*COOKIE_TIME_OUT, "/"); } header("Location: myaccount.php"); } } else { //$msg = urlencode("Invalid Login. Please try again with correct user email and password. "); $err[] = "Invalid Login. Please try again with correct user email and password."; //header("Location: login.php?msg=$msg"); } } else { $err[] = "Error - Invalid login. No such user exists"; } } ?> Similar TutorialsI need help with the attached script. I am using ipage.com to host and when I log in with credentials that have been placed in the database I just get the login prompt coming up every time. There is no die action that says access failed or anything. hi i need help an idea how can i separate members from admins since i dont know how to create login form i used tutorial ( http://www.youtube.com/watch?v=4oSCuEtxRK8 ) (its session login form only that i made it work other tutorials wre too old or something) how what i want to do is separate members and admins because admin need more rights to do now i have idea but dont know will it work like that what i want to do is create additional row in table named it flag and create 0 (inactive user) 1 (member) 2 (admin) will that work? and how can i create different navigation bars for users and admins? do you recommend that i use different folders to create it or just script based on session and flag? If you are a PHP expert, then I really your help. I have a question regarding PHP sessions and their security. So here is my story ... I created a login script (login.php) for my website. When a user goes to the login.php page, they see a login form that they must fill with their username and password to login to the members' area and view their profile, etc. On that login page, when the user enters their username and password and then clicks the "Login" button, my script filters the data, sends MySQL query and checks if the login is valid. If the login is NOT valid, then they get a "Login Failed" message. If the login is valid, I register their username and the password in sessions and redirect them to the members.php page. Here is some of my code for my login.php page after mysql confirms the login is valid <?php $query = mysql_query('SELECT * FROM `users` WHERE username='$user' AND password='$pass'"); $numRows = mysql_num_rows($query); if ( $numRows ) { // login is valid $_SESSION['username'] = $user; $_SESSION['pass'] = $pass; // redirect user to members area header('Location: /members.php'); } else { // login is invalid echo "Login failed"; } ?> My question is ... is this login script secured? I mean, I am not generating any session id or any cookie. I am just storing the username and the password in two session variables and those are the things that i will use to display the user's profile, etc. Can attackers attack this script? Is this secured or is there any other way I can make it stronger? Hi guys, I am making a bot which only scrapes the source code of the site AFTER logging into the site.The script to login is : Code: [Select] <?php $username="xxx"; $password="iwonttellyou"; $url="http://internet.com/login.php"; $cookie="cookie.txt"; $postdata = "name=".$username."&password=".$password; $ch = curl_init(); curl_setopt ($ch, CURLOPT_URL, $url); curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"); curl_setopt ($ch, CURLOPT_TIMEOUT, 60); curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 0); curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt ($ch, CURLOPT_COOKIEJAR, $cookie); curl_setopt ($ch, CURLOPT_REFERER, $url); curl_setopt ($ch, CURLOPT_POSTFIELDS, $postdata); curl_setopt ($ch, CURLOPT_POST, 1); $result = curl_exec ($ch); echo $result; ?> I can see different SESSION ID's in cookie.txt everytime i compile this code, which makes me believe its working.However what next? How should i go to that site again, already logged in and scrape the data ? Some suggestions would be nice. This topic has been moved to Miscellaneous. http://www.phpfreaks.com/forums/index.php?topic=318572.0 I'm not sure why, but once I added a search form in my nav menu, it made my other forms on the website such as login and signup form take them to where the search button would take them. any ideas??? I have this function completely written in my class file that I am working on. The point to this function is to be able to check the login of a user or administrator for either of the control panels associated with my site. It will check the session intime as well as the page / module referenced. Once it passes all those checks, it will check and ensure the emailaddress/password stored in the current session still holds true and the account is still active... if the account is still active it will update the lastActivity as well as update all of the session variables with what is currently in the database. What I am looking for is basically a look at the function, see if it looks good.. If there is any part to it that could create security holes for the site just off the login function itself... Usage: $q->validUser($_SESSION['user'], $_mod); <?php function validUser($sess, $p) { if ($sess['inTime'] == '' && $p != 'login' && $p != 'logout') { session_destroy(); $login = '0'; $_int = ''; return $login; } else if ($sess['inTime'] < time()-3600 && $p != 'login') { $sess['inTime'] = ''; session_destroy(); $this->check_login($sess, $p); } else { $this->user = $sess['emailAddress']; $this->pass = $sess['password']; $login = $this->sql_query("SELECT * FROM users WHERE emailAddress = '".$this->user."' AND password = '".$this->pass."' AND status = '1' LIMIT '1'"); if ($login = $this->sql_numrows($login) < 1) { $sess['inTime'] == ''; session_destroy(); $login = '0'; } else { // logged in, lets update the database for last_activity AND the session. $this->sql_query("UDATE users SET lastActivity = '".now()."' WHERE emailAddress = '".$this->user."'"); $login = $this->sql_query("SELECT * FROM users WHERE emailAddress = '".$this->user."' AND password = '".$this->pass."' AND status = '1' LIMIT '1'"); $login = mysql_fetch_assoc($login); foreach ($login as $key => $value) { $sess[$key] = $value; } $sess['inTime'] = time(); $login = '1'; } return $login; } } ?> That is the main function, sql_query and sql_numrows is: <?php function sql_query($query = "", $transaction = FALSE) { unset($this->query_result); if ($query != "") { $this->num_queries++; if ($transation == BEGIN_TRANSACTION && !$this->in_transation) { $result = mysql_query("BEGIN", $this->db_connect_id); if (!$result) { return false; } $this->in_transaction = TRUE; } $this->query_result = mysql_query($query, $this->db_connect_id); } else { if ($transaction == END_TRANSACTION && $this->in_transaction ) { $result = mysql_query("COMMIT", $this->db_connect_id); } } if ($this->query_result) { unset($this->row[$this->query_result]); unset($this->rowset[$this->query_result]); if ($transaction == END_TRANSACTION && $this->in_transaction ) { $this->in_transaction = FALSE; if (!mysql_query("COMMIT", $this->db_connect_id)) { mysql_query("ROLLBACK", $this->db_connect_id); return false; } } return $this->query_result; } else { if ($this->in_transaction ) { mysql_query("ROLLBACK", $this->db_connect_id); $this->in_transaction = FALSE; } return false; } } function sql_numrows($query_id = 0) { if(!$query_id) { $query_id = $this->query_result; } return ($query_id) ? mysql_num_rows($query_id) : false; } ?> Any insight that can help to benefit these functions would be appreciated. I'd truly appreciate any help you can give me with the following PHP form mailer. I get the following error: Parse error: syntax error, unexpected T_ELSE in testcontact.php on line 31 Any ideas on how to fix the error? Also, I need to sanitize the data, but I don't understand how to. Everything I've googled doesn't seem to work. Code: [Select] <?php $firstname = $_POST['firstname']; $lastname = $_POST['lastname']; $email = $_POST['email']; $mailinglist = $_POST['mailinglist']; $companyname = $_POST['companyname']; $address = $_POST['address']; $city = $_POST['city']; $zip = $_POST['zip']; $countrycode = $_POST['countrycode']; $areacode = $_POST['areacode']; $citycode = $_POST['citycode']; $number = $_POST['number']; $fcountrycode = $_POST['fcountrycode']; $fareacode = $_POST['fareacode']; $fcitycode = $_POST['fcitycode']; $fnumber = $_POST['fnumber']; $industry = $_POST['industry']; $product = $_POST['product']; $productnumber = $_POST['productnumber']; $comments = $_POST['comments']; if ($mailinglist != yes) $mailinglist = no; $mail_to = 'example@isp.com'; $subject = 'Webform Data'; $body = "First Name: $firstname \n Last Name: $lastname: \n Email: $email \n Mailing List: $mailinglist \n Company Name: $companyname \n Address: $address \n City: $city \n Zip: $zip \n Phone: $countrycode $areacode $citycode $number \n Fax: $fcountrycode $fareacode $fcitycode $fnumber \n Industry: $industry \n Product: $product \n Number of Packaged Products: $productnumber \n Comments/Questions: $commments "; if (isset($_POST['Submit'])) { mail($to, $subject, $body); echo "You will be contacted shortly."; }; ?> <!DOCTYPE html PUBLIC "/W3C/DTD XHTML 1.0 Transitional/EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <link rel="stylesheet" type="text/css" href="main.css" /> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Contact Us</title> </head> <form action="testcontact.php" method="post">* represents required field<br /> *First Name:<input name="firstname" type="text" maxlength="50" value="<?php echo $_POST['firstname']; ?>" /><br /> *Last Name:<input name="lastname" type="text" maxlength="50" value="<?php echo $_POST['lastname']; ?>" /><br /> *E-mail:<input name="email" type="text" maxlength="50" value="<?php echo $_POST['email']; ?>" /><br /> Join Mailing List(check if yes):<input name="mailinglist" type="checkbox" value="<?php echo $_POST['mailinglist']; ?>"/><br /> Company Name:<input name="companyname" type="text" maxlength="100" value="<?php echo $_POST['companyname']; ?>" /><br /> Address:<input name="address" type="text" maxlength="100" value="<?php echo $_POST['address']; ?>" /><br /> City:<input name="city" type="text" maxlength="100" value="<?php echo $_POST['city']; ?>" /><br /> Zip<input name="zip" type="text" maxlength="10" value="<?php echo $_POST['zip']; ?>" /><br /> Phone Number:<input name="countrycode" type="text" size="3" maxlength="3" value="<?php echo $_POST['countrycode']; ?>" />-<input name="areacode" type="text" size="3" maxlength="3" value="<?php echo $_POST['areacode']; ?>" />-<input name="citycode" type="text" size="3" maxlength="3" value="<?php echo $_POST['citycode']; ?>" />-<input name="number" type="text" size="4" maxlength="4" value="<?php echo $_POST['number']; ?>" /><br /> Fax:<input name="fcountrycode" type="text" size="3" maxlength="3" value="<?php echo $_POST['fcountrycode']; ?>" />-<input name="fareacode" type="text" size="3" maxlength="3" value="<?php echo $_POST['fareacode']; ?>" />-<input name="fcitycode" type="text" size="3" maxlength="3" value="<?php echo $_POST['fcitycode']; ?>" />-<input name="fnumber" type="text" size="4" maxlength="4" value="<?php echo $_POST['fnumber']; ?>" /><br /> Industry:<input name="industry" type="text" maxlength="50" value="<?php echo $_POST['industry']; ?>" /><br /> Product Packaged:<input name="product" type="text" maxlength="100" value="<?php echo $_POST['product']; ?>" /><br /> Number of Packaged Products:<input name="productnumber" type="text" maxlength="100" value="productnumber" /><br /> Comments/Questions:<br /><textarea name="comments" rows="5" cols="50" maxlength="10000"><?php echo $_POST['comments']; ?></textarea><br /> <input type="submit" value="submit" /> </form> </body> </html> Thanks!
<?php
include("add_p2.php");
//basic pdo connection (with added option for error handling)
if (isset($_POST['submit'])) {
try {
$stmt = $dbh->prepare("INSERT INTO passwords (description, username, password ) VALUES (:description, :username, :AES_ENCRYPT)");
$stmt->bindParam(':description', $description);
$stmt->bindParam(':username', $username);
$stmt->bindParam(':password', $password);
try {
$statement->execute(array(
"description" => "description",
"username" => "username",
"password" => "password"
));
} catch(PDOException $e) {
echo "Exception caught: $e";
}
//insert one row
$name = 'one';
$value = 1;
$stmt->execute();
header( 'Location: localhost/password_added.php' ); exit();
?>
<?php
$dsn = "mysql:host=127.0.0.1;dbname=pword_db;charset=utf8";
$opt = array(
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC
);
$pdo = new PDO($dsn,'root','', $opt);
?>
<form action="add_p.php" method="post"> <span class="cursive">Description: </span><br> <textarea name="description" rows="20" cols="50"></textarea> <br> <span class="cursive">Username: </span><br> <input type="text" name="username" /> <br> <span class="cursive">Password: </span><br> <input type="text" name="password" /> <br> <input type="submit"/> </form>Hi, above is the 3 components that should add form data into MySQL database using PDO. all it's doing is entering empty values, I'm really not sure why this is? please could someone help me with pointing me in the right direction, offer hint's making this work Thanks Attached Files PHPmyadmin.JPG 64.83KB 0 downloads User fills log in form on another page, but is then presented with "Your username cannot be found or password doesnt match" untill they press F5.... any ideas anyone? Code: [Select] <?php mysql_connect("localhost","ambroid_mike","347610"); @mysql_select_db("ambroid_findapart") or die( "Unable to select database"); $user = $_POST['user']; $pass = $_POST['pass']; $mysqluser = ereg_replace("_", "\_", $user); $query = "SELECT password FROM users WHERE username LIKE BINARY '$mysqluser'"; $result = mysql_query($query) or die("Error: ".mysql_error()); $row = mysql_fetch_array($result, MYSQL_NUM); $foundpass = $row[0]; if ($foundpass == $pass) { setcookie("FAPusername", $user); setcookie("FAPpassword", sha1($foundpass)); $user = $_COOKIE['FAPusername']; $pass = $_COOKIE['FAPpassword']; } $query = "SELECT * FROM users WHERE username='$user'"; $result = mysql_query($query) or die("Error: ".mysql_error()); $info = array(); $info = mysql_fetch_array($result, MYSQL_NUM); $original = array(); $original = $info; if (sha1($info[2]) != $pass) { mysql_close(); die("<br><br><center><body bgcolor='#FFFFFF'><b><font face='Verdana' size='2pt'>Your username cannot be found or password doesnt match</font></b></center></body></html>"); } ?> Hello, guys i hope you will help me with this cause i'm a complete newbie. First 2 words about the goal : I want to make a PHP script to autologin in one webpage and to get statistics in every 2 minutes. The account is mine so i dont want to scam or anything , just want to automate it cause this info i need in realtime, and refreshed often. The page login page code looks like this : Code: [Select] <dl> <dt>Username:</dt> <dd><input type="text" name="user" size="20" value="" class="input_text" /></dd> <dt>Password:</dt> <dd><input type="password" name="passwrd" value="" size="20" class="input_password" /></dd> </dl> <dl> <dt>Minutes to stay logged in:</dt> <dd><input type="text" name="cookielength" size="4" maxlength="4" value="60" class="input_text" /></dd> <dt>Always stay logged in:</dt> <dd><input type="checkbox" name="cookieneverexp" class="input_check" onclick="this.form.cookielength.disabled = this.checked;" /></dd> </dl> <p><input type="submit" value="Login" class="button_submit" /></p> and i try login like that : Code: [Select] $_login_url = 'URL of the login'; // url to login :) $_user = 'myusername'; // username for login $_pass = 'mypass'; // password.. $start = microtime(true); file_get_contents( $_login_url, false, stream_context_create( array( 'http' => array( 'method' => 'POST', 'header' => 'Content-type: application/x-www-form-urlencoded', 'content' => http_build_query( array( 'user' => $_user, 'passwrd' => $_pass, 'cookielength' => '-1', //what here ???? 'Login', ) ), ) ) ) ); $search['from'] = 'Set-Cookie: '; $search['to'] = ';'; $cookie = array(); //the problem is that i cant login to go to the statistics page, cause site requires login for view. Hi guys, I'm currently in the process of creating a login form. I'm using PHP to check a simple text file called 'users.txt' for the username and password which has been entered in the form. If the username and password are NOT in the 'users.txt' file, it will create them on a new line. Like so: Users.txt Code: [Select] ExampleUser,ExamplePass\n Marc,password Craig,password John,password Once I try to log into an account which is NOT there, it will create an account underneath. So if I try to log in with username as "Matthew" and password as "password" it will show like so: Code: [Select] ExampleUser,ExamplePass\n Marc,password Craig,password John,password Matthew,password Hoping this makes sense so far, all of the above works. However when I click back, to go back onto the login form, I try to log in with one of the usernames/passwords in the 'users.txt' file, and it will create the exact same user on a new line, so I have 2 of the same usernames/passwords. What I want it to do it, if the username is in the 'users.txt' file, for it to display a message saying "Congratulations you're logged in". Here is the code for the PHP login page. P4 LoginScriptFile.php Code: [Select] <?php //This checks for required fields from the form. if ((!$_POST[username]) || (!$_POST[password])) { header("Location: P4 LoginForm.php"); exit; } //This reads values from the form. $form_user = $_POST[username]; $form_password = $_POST[password]; $flag = FALSE; $filename = "users.txt"; $fp = fopen( $filename, "r" ) or die ("Couldn't open $filename"); while ( ! feof( $fp ) ) { $line = fgets( $fp); $user = strtok($line, ","); //Username $password = strtok(","); //Password if (($form_user == $user) && ($form_password == $password)) { $flag = TRUE; } } if ($flag) { echo "<br>Congratulations, you're logged in"; } else{ $filename = "users.txt"; $updateuser = $_POST ['username']; $updatepass = $_POST ['password']; $fp = fopen( $filename, "a" ) or die("Couldn't open $filename"); fwrite( $fp, "$updateuser,$updatepass\n") or die ("Couldn't write values to your file!"); fclose( $fp ); echo "<br>An account has been created for you!"; } ?> I think what I need is to read the file once the new user has been created. Any help would be greatly appreciated. Thanks in advance for any help. gixxx Hi Guys I am adding a short contact form to a site. All the fields are text fields. What do you think is the minimum validation I need to add to make the form safe against hacking etc. Thanks I'm not sure where the issue really lies after the form submits it DOES perform the error messages if there is one, however if the username and password are atleast filled in and the user clicks Log In it doesn't do anything after that. login.php <?php /** * @author Jeff Davidson * @copyright 2010 */ if (isset($_POST['submitted'])) { require_once ('inc/login_functions.php'); require_once ('inc/dbconfig.php'); list ($check, $data) = check_login($dbc, $_POST['username'], $_POST['password']); if ($check) { // OK! // Set the session data:. session_start(); $_SESSION['id'] = $data['id']; $_SESSION['firstname'] = $data['firstname']; // Redirect: $url = absolute_url ('loggedin.php'); header("Location: $url"); exit(); }else { // Unsuccessful! $errors = $data; } mysqli_close($dbc); } // End of the main submit conditional. include ('inc/login_page.php') ?> login_functions.php <?php /** * @author Jeff Davidson * @copyright 2010 */ // This page defines two functions used by the login/logout process. /* This function determines and returns an absolute URL. * It takes one argument: the page that concludes the URL. * The argument defaults to index.php. */ function absolute_url($page = 'index.php') { // Start defining the URL... // URL is http://plus the host name plus the current directory: $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']); // Remove any trailing slashing: $url = rtrim($url, '/\\'); // Add the page $url .= '/' . $page; // Return the URL: return $url; } // End of absolute_url() function. /* This function validates the form data (the username and password). * If both are present, teh database is queried. * The function requires a database connection. * The function returns an array of information, including: * - a TRUE/FALSE variable indicating success * - an array of either errors or the database result */ function check_login($dbc, $username = '', $password = '') { $errors = array(); // Initialize error array. // Validate the username if (empty($username)) { $errors[] = 'You forgot to enter your username.'; } else { $u = mysqli_real_escape_string($dbc, trim($username)); } // Validate the password: if (empty($password)) { $errors[] = 'You forgot to enter your password.'; } else { $p = mysqli_real_escape_string($dbc, trim($password)); } if (empty($errors)) { // If everythings OK. // Retrieve the firstname and lastname for the username/password combination: $q = "SELECT id, firstname FROM users WHERE username='$u' AND password=SHA('$p')"; $r = @mysqli_query($dbc, $q); // Run teh query. // Check the result: if (mysqli_num_rows($r) == 1) { // Fetch the record: $row = mysqli_fetch_array($r, MYSQLI_ASSOC); // Return true and the record: return array(true, $row); }else { // Not a match! $errrors[] = 'The username and password entered do not match those on file.'; } } // End of empty ($errrors) IF. // Return false and the errors: return array(false, $errors); } //End of check_login() function. ?> login_page.php <?php /** * @author Jeff Davidson * @copyright 2010 */ // This page prints any errors associated with logging in and creates the login, including the form. // Prints any error messages, if they exists: if (!empty($errors)) { echo '<h1>Error!</h1> <p class="error">The following error(s) occured:<br />'; foreach ($errors as $msg) { echo " - $msg<br />\n"; } echo '</p><p>Please try again.</p>'; } // Display the form: ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <meta name="description" content="Caracole" /> <title>Titanium</title> <link HREF="favicon.ico" type="image/x-icon" rel="icon" /> <link HREF="favicon.ico" type="image/x-icon" rel="shortcut icon" /> <link rel="stylesheet" type="text/css" href="css/tripoli.simple.css" media="screen, projection, print" /> <link rel="stylesheet" type="text/css" href="css/base.css" media="screen, projection, print" /> <link rel="stylesheet" type="text/css" href="css/layout.css" media="screen, projection, print" /> <link rel="stylesheet" type="text/css" href="css/style.css" media="screen, projection, print" /> <link rel="stylesheet" type="text/css" href="css/theme.css" media="screen, projection, print" /> <link rel="stylesheet" type="text/css" href="css/icons.css" media="screen, projection, print" /> <script type="text/javascript" SRC="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script> <script type="text/javascript"> //<![CDATA[ document.write('<link rel="stylesheet" type="text/css" href="css/js/js.css" media="screen, projection, print" />'); //]]> $(document).ready(function(){ $(".close").click(function(){ $(this).parents(".message").hide("puff"); }); }); </script> <!--[if IE]> <link rel="stylesheet" type="text/css" href="css/ie/ie.css" media="screen, projection, print" /> <![endif]--> <!--[if lt IE 7]> <script src="js/DD_belatedPNG_0.0.7a-min.js" type="text/javascript"></script> <script> DD_belatedPNG.fix(' #header, h1, h1 a, .close, .field,.paginate .current, .icon, .required-icon'); </script> <link rel="stylesheet" href="css/ie/ie6.css" type="text/css" media="screen, projection"/> <![endif]--> </head> <body> <!-- Content --> <div id="login" class="content"> <div class="roundedBorders login-box"> <!-- Title --> <div id="title" class="b2"> <h2>Log In</h2> <!-- TitleActions --> <div id="titleActions"> <div class="actionBlock"> <a href="#">Forgot your password ?</a> </div> </div> <!-- /TitleActions --> </div> <!-- Title --> <!-- Inner Content --> <div id="innerContent"> <form action="login.php" method="post"> <div class="field"> <label for="username">Username</label> <input type="text" class="text" id="username" name="username" /> </div> <div class="field"> <label for="password">Password</label> <input type="password" class="text" id="password" name="password"/> </div> <div class="clearfix login-submit"> <span class="fleft"> <input type="checkbox" name="remember-me" id="remember-me" /> <label for="remember-me">Remember me</label> </span> <span class="fright"> <button class="button" type="submit" name="submit"><strong>Log In</strong></button> </span> </div> <input type="hidden" value="TRUE" name="submitted" /> </form> </div> <!-- /Inner Content --> <div class="bBottom"><div></div></div> </div> </div> </body> </html> loggedin.php <?php /** * @author Jeff Davidson * @copyright 2010 */ // The user is redirected here from login.php. session_start(); // Star the session. // If no session value is present, redirect the user: if (!isset($_SESSION['id'])) { require_once('inc/login_functions.php'); $url = absolute_url(); header("Location: $url"); exit(); } $page_title = 'Logged In!'; // Print a customized message: echo "<h1>Logged In!</h1> <p>You are now logged in, {$_SESSION['firstname']}!</p> <p><a href=\"logout.php\">Logout</a></p>"; ?> I thought I'd come back in and insert the file manager I have setup here. root/loggedin.php root/login.php root/inc/login_page.php root/inc/login_functions.php Hello guys, first post here.
I have a web system which contains a login form programmed in 3 different languages HTML, PHP and JS. The problem is that it's not working, you can access without entering any data, you just press enter and it will work, I don't know why it is not validating any credentials. I was thinking about some query problems but I don't know. I am a newbie on this. I have read a lot but haven't found an answer. A friend helped me build the system but left that uncompleted and he's nowhere to be found.
I was wondering if you could help me out with this.
<form role="form" ng-submit="login(user,password)">
<div class="form-group">
<input type="user" class="form-control" ng-model='user' placeholder="Usuario">
</div>
<div class="form-group">
<input type="password" class="form-control" ng-model='password' placeholder="Contraseña">
</div>
<div class="alert alert-warning" id='alert' style="display:none">Revise la informacion...</div>
<div class="alert alert-danger" style="display:none" id='alertErr'>Error Usuario o Contraseña Erronea intentelo de nuevo</div>
<button type="submit" class="btn btn-primary">Ingresar</button>
</form>
<?php
require_once 'database.php';
$db = new Database();
$body = json_decode(file_get_contents('php://input'));
$user =$db->query("SELECT * FROM usuario WHERE usua_login = '".$body->user."' AND usua_pass = '".$body->password."'");
if($user == false){
http_response_code(404);
}
else{
http_response_code(200);
echo json_encode($user);
}
?>
'use strict';
/**
* @ngdoc function
* @name belkitaerpApp.controller:MainCtrl
* @description
* # MainCtrl
* Controller of the belkitaerpApp
*/
angular.module('belkitaerpApp')
.controller('MainCtrl', function ($scope,$http,$location) {
$scope.login = function(user,password){
console.log('Login...');
if(user =='' || password ==''){
$('#alert').show("slow");
setTimeout(function() {
$('#alert').hide('slow');
}, 3000);
}
else{
$http.post('../serverSide/login.php',{user:user,password:password}).success(function(data){
console.log('OK!');
$location.path('/products');
}).error(function(data){
$('#alertErr').show("slow");
setTimeout(function() {
$('#alertErr').hide('slow');
}, 3000);
});
}
}
});
I created a login form for my system and I don't sure that it's enought for security to protect my website?
include("database.php");
session_start();
if($_SERVER["REQUEST_METHOD"] == "POST") {
// username and password sent from form
$stmt = $conn->prepare("SELECT Sale_ID FROM tb_sales WHERE Login_Name = ? AND Login_Password = ? LIMIT 1");
$stmt->bind_param("ss", $_POST['username'], $_POST['password']);
$stmt->execute();
$res = $stmt->get_result();
$count = mysqli_num_rows($res);
if($count == 1) {
// session_register("myusername");
$_SESSION['login_user'] = $_POST['username'];
echo "Login Succcess";
//header("location: index.php");
}else {
echo "Your Login Name or Password is invalid";
}
}
Hi my code below checks for Username and password from a form and if they match those in database, it redirects to main.php However, I would like some help setting up error page?! at the moment if the username or password are incorrect and teh form is submitted, the pages just goes white and blank?! <?php session_start(); include_once("config.php"); checkLoggedIn("no"); if(isset($_POST["submit"])) { field_validator("rsUser", $_POST["rsUser"], "alphanumeric", 3, 15); // password must be between 4 and 15 chars - any characters can be used: field_validator("rsPass", $_POST["rsPass"], "string", 3, 15); if($messages){ doIndex(); exit; } if( !($row = checkPass($_POST["rsUser"], $_POST["rsPass"])) ) { $messages[]="Incorrect login/password, try again"; } if($messages){ doIndex(); exit; } cleanMemberSession($row["rsUser"], $row["rsPass"], $row["UserID"]); if ($user = checkPass($_REQUEST['rsUser'], $_REQUEST['rsPass'])) { cleanMemberSession($user['rsUser'], $user['rsPass'], $user['UserID']); } else { echo('Login failed'); } header("Location: main.php"); } else { doIndex(); } function doIndex() { global $messages; global $title; } ?> Login failed does not get shown if a username is entered wrong?! I must be losing my marbles on this one: I have a standard login form that queries my MySQL database for user info, but the problem doesn't even get that far. Here's the form: Code: [Select] <div id="login_form"> <form action="access/" method="post"> <input type="text" name="username" class="username" /><br> <input type="password" name="password" class="password" /><br> <input type="submit" class="submit" value=""> </form> </div> Then the backend: <?php echo '<pre>'; print_r($_POST); echo '</pre>'; //The rest of the validation is beyond here... ?> Lets say in the db I have username = 'test' and password = 'test1234', when I enter the correct username and password the POST array displays blank: Code: [Select] array ( ) So then, I enter another entry, lets say I enter username = 'test' and password = 'test2468', but the mysql stays the same: I get this: Code: [Select] array( [username] => test [password] => test2468 } So then, because at this point i'm 98% sure i've lost my mind I go in and change the password in the DB to match the new entry. So now mysql db says username = 'test' and password = 'test2468' I try using that info again and voila: Code: [Select] array ( ) Has anyone run into something similar to this, the info is not interacting with the database in any way at this point, yet it seems to be affecting it. Thanks for any help you can offer, and for not thinking i'm crazy E when I test this script on browser. This is all that I see. invalid username or password Code: [Select] <?php //start session session_start(); include 'functions.php'; if (loggedin()) { header("Location: userarea.php"); exit(); } if ($_POST['login']) { //get data $username = $_POST['username']; $password = $_POST['password']; $rememberme = $_POST['rememberme']; } if (username&&$password) { $login = mysql_query("SELECT * FROM users WHERE username='$username'"); while ($row = mysql_fetch_assoc($login)) { $db_password = $row['password']; if (md5($password)==$db_password) $loginok =TRUE; else $loginok = FALSE; if ($loginok ==TRUE); { if($rememberme=="on") setcookie("username",$username, time()+7200); else if ($rememberme=="") $_SESSION['username']=$username; header("Location: userarea.php"); exit(); } } } else { die("invalid username or password"); } ?> <form action="login.php" method="POST"> username:<br /> <input type="text" name="username" /><br /> password:<br /> <input type="password" name="password" /><br /> <input type="checkbox" name="rememberme">remember me<br /> <input type="submit" name="login" value="Log in" /> </form> |
|||||||